General
Target: app.exe
Size: 4.0MB
Sample: 210228-m6h3ck67ve
MD5: df8cdf4913afbf637372394db090f5db
SHA1: 9ffd61cc85e43792f4b32ccc8909df67a8685216
SHA256: 54fdcb0f899b7a1d1bf35dfd5a25f212b5ca7f905a368cf968ce96bd7498423b
SHA512: 8213b096c7b488206b2df487e75912ef078c304b8c8d74a41c039a854b80c7524911341770d63877dec2afb14f39570391e1ba6c3e9fac35d90e58a6f892b846
Static task: static1
Behavioral task: behavioral1
Sample: app.exe
Resource: win7v20201028
Malware Config
Extracted: metasploit (payload: windows/single_exec)
Targets
Target: app.exe
- Glupteba Payload
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Windows Firewall
- Possible attempt to disable PatchGuard: Rootkits can use kernel patching to embed themselves in an operating system.
- Sets service image path in registry
- Loads dropped DLL
- Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials.
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.